Splunk Query to show average count and minimum for...

Strangertinz · ‎02-12-2024

Hi,

I created a column chart in Splunk that shows month but will like to also indicate the day of the week for each of those months

Sample query
-------------------
index=_internal
| bucket _time span =1d
|eval month=strftime(_time,"%b")
| eval day=strftime(_time,"%a")
| stats avg(count) as Count max(count) as maximum by month, day

gcusello · ‎02-12-2024

Hi @Strangertinz,

your search seems to be correct, what's your issue?

Ciao.

Giuseppe

Strangertinz · ‎02-13-2024

The issue is the graph shows month on the x axis and I want it to indicate both month and day of the week

gcusello · ‎02-13-2024

Hi @Strangertinz ,

please try this:

index=_internal
| bucket _time span =1d
| eval date=strftime(_time,"%a-%b")
| stats avg(count) as Count max(count) as maximum by date

Ciao.

Giuseppe

Strangertinz · ‎02-13-2024

Thanks for your quick response but the query is not working

gcusello · ‎02-13-2024

Hi @Strangertinz ,

sorry but what do you want to calculate with avg(count) and max(count)?

count isn't a field to calculate average or maximun.
you can have the count of events by period

index=_internal
| bucket _time span =1d
| eval date=strftime(_time,"%a-%b")
| stats count by date

Ciao.

Giuseppe

Strangertinz · ‎02-13-2024

I want to calculate average count per day and maximum count per month. Like all the Mondays , Tuesdays of a given month combined and averaged

Splunk Query to show average count and minimum for date_month and date_day

chart

count

eval

stats

table

timechart

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

Splunk Query to show average count and minimum for date_month and date_day

Can’t make it to .conf25? Join us online!